[PHP] Re: Variables with - in their name
On 19-11-2012 10:49, Alessandro Pellizzari wrote: Il Sun, 18 Nov 2012 01:09:11 -0500, Ron Piggott ha scritto: echo "\r\n"; It could be wrote: You MUST disable register_globals in your php.ini Once you have done that (and even before that...) you find your variable in $_POST['distributor-42-2'] (or $_GET, depends on your form method) Bye. I agree it should *always* be disabled, however even when it is ENabled, $_POST or $_GET (and also $_REQUEST) will always include that key and value, regardless of the setting on register_globals. In general though, it is most wise to DISable register_globals and code assuming it always will be disabled. - Tul -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Variables with - in their name
Il Sun, 18 Nov 2012 01:09:11 -0500, Ron Piggott ha scritto: > echo " $row['promo_code_suffix'] . "\" style=\"text-align: center;\">\r\n"; > It could be wrote: > > echo $distributor-42-2; You MUST disable register_globals in your php.ini Once you have done that (and even before that...) you find your variable in $_POST['distributor-42-2'] (or $_GET, depends on your form method) Bye. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Variables via url
On 5/12/2012 7:21 AM, Jim Giner wrote: Of course, someone here with much more knowledge than I could very soon make me look stupid :) Meh, I don't call that looking stupid. I call it a different way of skinning the cat. :) We're all here to learn from one another, right? Thanks for the suggestion. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Variables via url
On May 12, 2012, at 9:47 AM, Ashley Sheridan wrote: > On Sat, 2012-05-12 at 09:21 -0400, Jim Giner wrote: > >> ""Ashley M. Kirchner"" wrote in message >> news:4fad9d8b.4020...@pcraft.com... >>> >>>Can someone point me at examples or directions on how I can pass a >>> variable via a URL in the following way: >>> >>>http://server.domain.com//script///variable/ >>> >>>I will only be passing one single /variable/. And I want the >>> /script/ to use that. >>> >>>I don't want to see what the script is, for example I don't want it >>> to say 'script.php' or 'script.html' ... >>> >>>Is this possible through PHP only, or do I have to write a rewrite >>> directive in Apache to accomplish this? >>> >> >> A URL has to point to a script - how will your server know what to do with >> the incoming URL if it doesn't point to something? That said - format your >> URL as a GET string and there's your variable. >> >> Ex.: >> >> http://server.domain.com/(scriptname)?variable&anothervariable&anothervariable >> >> Or - if this url is coming from an already running script, you could post >> the var to a session var and then send a url without the script name and let >> your server's default document (index.php ?) receive it and look up the >> session var, but that's a pretty silly way to handle things just to hide the >> scriptname. >> >> Of course, someone here with much more knowledge than I could very soon make >> me look stupid :) >> >> >> > > > I think what you're looking for is URL rewriting. PHP by itself can't do > that, you need to do it at the server level, so an .htaccess file would > be along the right lines. Ash is right; however you can leverage off of the "index page" So your script would be in "index.php" and the url would be: http://server.domain.com/some_optional_directory_path/?variable Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Variables via url
On Sat, 2012-05-12 at 09:21 -0400, Jim Giner wrote: > ""Ashley M. Kirchner"" wrote in message > news:4fad9d8b.4020...@pcraft.com... > > > > Can someone point me at examples or directions on how I can pass a > > variable via a URL in the following way: > > > > http://server.domain.com//script///variable/ > > > > I will only be passing one single /variable/. And I want the > > /script/ to use that. > > > > I don't want to see what the script is, for example I don't want it > > to say 'script.php' or 'script.html' ... > > > > Is this possible through PHP only, or do I have to write a rewrite > > directive in Apache to accomplish this? > > > > A URL has to point to a script - how will your server know what to do with > the incoming URL if it doesn't point to something? That said - format your > URL as a GET string and there's your variable. > > Ex.: > > http://server.domain.com/(scriptname)?variable&anothervariable&anothervariable > > Or - if this url is coming from an already running script, you could post > the var to a session var and then send a url without the script name and let > your server's default document (index.php ?) receive it and look up the > session var, but that's a pretty silly way to handle things just to hide the > scriptname. > > Of course, someone here with much more knowledge than I could very soon make > me look stupid :) > > > I think what you're looking for is URL rewriting. PHP by itself can't do that, you need to do it at the server level, so an .htaccess file would be along the right lines. -- Thanks, Ash http://www.ashleysheridan.co.uk
[PHP] Re: Variables via url
""Ashley M. Kirchner"" wrote in message news:4fad9d8b.4020...@pcraft.com... > > Can someone point me at examples or directions on how I can pass a > variable via a URL in the following way: > > http://server.domain.com//script///variable/ > > I will only be passing one single /variable/. And I want the > /script/ to use that. > > I don't want to see what the script is, for example I don't want it > to say 'script.php' or 'script.html' ... > > Is this possible through PHP only, or do I have to write a rewrite > directive in Apache to accomplish this? > A URL has to point to a script - how will your server know what to do with the incoming URL if it doesn't point to something? That said - format your URL as a GET string and there's your variable. Ex.: http://server.domain.com/(scriptname)?variable&anothervariable&anothervariable Or - if this url is coming from an already running script, you could post the var to a session var and then send a url without the script name and let your server's default document (index.php ?) receive it and look up the session var, but that's a pretty silly way to handle things just to hide the scriptname. Of course, someone here with much more knowledge than I could very soon make me look stupid :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Variables in Variables?
Jasper Bryant-Greene wrote:
Ben wrote:
$dbVars=explode(',',$two_vars); // Assuming comma seperator
foreach($dbVars AS $key => $value) {
$eval="\$temp=".$value.";";
eval($eval);
echo $temp;
}
WTF do you need eval() for?!
$dbVars = explode( ',', $two_vars );
foreach( $dbVars as $value ) {
echo $value;
}
Ah, sorry, I see what I missed now... Still, I'm sure there's a way to
do this without resorting to eval()...
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Variables in Variables?
Ben wrote:
If I understand your question properly I'd explode $two_vars with
whatever seperator you have between them and then you'll need to use
eval to get your results. Maybe something like...
$dbVars=explode(',',$two_vars); // Assuming comma seperator
foreach($dbVars AS $key => $value) {
$eval="\$temp=".$value.";";
eval($eval);
echo $temp;
}
WTF do you need eval() for?!
$dbVars = explode( ',', $two_vars );
foreach( $dbVars as $value ) {
echo $value;
}
... does exactly the same thing.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Variables in Variables?
Marquez Design said the following on 11/18/2005 04:54 PM:
Greetings.
Does anyone know how to do this?
I have,
$var
$var2
In a field called two_vars in a MySQL db.
I am calling the variables inside PHP document.
In that document I am saying:
$var = "time"
$var2 = "clock"
echo "$two_vars";
But the what prints out is
$var
$var2
not "time" and "clock". I know that is what is in the database, but I want
it to replace the variables when printed in the PHP file.
Does this make sense to anyone? Does anyone know how to do this?
If I understand your question properly I'd explode $two_vars with
whatever seperator you have between them and then you'll need to use
eval to get your results. Maybe something like...
$dbVars=explode(',',$two_vars); // Assuming comma seperator
foreach($dbVars AS $key => $value) {
$eval="\$temp=".$value.";";
eval($eval);
echo $temp;
}
- Ben
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Variables from database
Stuart Felenstein wrote: I haven't try this yet but wondering if it's possible. Can I do something like this: select fieldone from table ; $myvar = $fieldone ? And more so could I do it with a where clause ? i.e. select fieldone from table where fieldone = 3 $myvar = $fieldone ? This is probably a stupid question. I am also wondering about syntax. Thank you, Stuart Stuart, why don't you try it first, then if you get the syntax wrong(as you have), you can fix it. Then if you are still in trouble, you can come to this newsgroup with a more meaningful request. It'll save you loads of time too. Best regards. . . Dusty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Variables inside a function
you can reference the vars as well, but i would guess with some logic
changes you could avoid the problem your having?
Referencing ..
$blah = '';
function add(&$blah, $something, $somethingElse) {
$something ++;
$somethingElse ++;
$blah = $something + $somethingElse
}
John Kaspar <[EMAIL PROTECTED]> wrote:
>
> use the global keyword...
> http://www.php.net/manual/en/language.variables.scope.php
>
>
> On 3/7/2004 6:17 PM, Nathan Croker wrote:
>
> > I am relatively new to PHP. But something I can't seem to make work is when
> > I call one of the functions I have made and a variable is set inside that
> > function
> > eg. function blah ($bl,$ah) {
> > $bl++;
> > $ah++;
> > $blah=$bl+$ah;
> > }
> > I then echo $blah; somewhere else in the script but nothing is echo'd. How
> > do I make it so that I can use $blah anywhere in the script?
> >
> > Thank you in advance for any help.
> >
> > Nathan Croker
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Variables inside a function
use the global keyword...
http://www.php.net/manual/en/language.variables.scope.php
On 3/7/2004 6:17 PM, Nathan Croker wrote:
I am relatively new to PHP. But something I can't seem to make work is when
I call one of the functions I have made and a variable is set inside that
function
eg. function blah ($bl,$ah) {
$bl++;
$ah++;
$blah=$bl+$ah;
}
I then echo $blah; somewhere else in the script but nothing is echo'd. How
do I make it so that I can use $blah anywhere in the script?
Thank you in advance for any help.
Nathan Croker
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Variables are working!
Thanks for helping me... Now its working perfectly. Problem was with globals as you all pointed-out. PHP Manual pages at http://www.php.net/manual/en/language.variables.predefined.php was very helpful overcome this problem (thanks alot Ben...). Kaushan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Variables not working!
> [snip] > Try using $_POST['fname'] instead of $fname. > [/snip] > Or $_GET['fname'] depending on your form method Or even $_REQUEST['fname'], which doesn't care about which method is specified in the form. :p Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Variables not working!
[snip] Try using $_POST['fname'] instead of $fname. [/snip] Or $_GET['fname'] depending on your form method -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Variables not working!
Try using $_POST['fname'] instead of $fname. This just means that register_globals is probably set to off in php.ini, which is the recommended setting. Take a look at the section on predefined variables in the PHP manual for more on this: http://www.php.net/manual/en/language.variables.predefined.php -Ben Kaushan wrote: Hi, I am new to PHP scripting and struggling with the following problem. I have two files, an HTML file and a PHP file. HTML file contains a form with one text field and a submit button. When a user pressed the submit button, it calls the php file (). What the php file does is just echo back the text received from html file to the user again. Name of the text field is 'fname'. When I used this variable in the php file (as $fname) it does not contain the value of the text field. Query-string appended to the url during the submission is also correct. I checked for all syntax errors, but the codings are perfect. Do I have to change php.ini file to fix this problem. Could anyone can help me to solve this problem. Kaushan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Variables scope question
Mike, It depends what you mean by local scope. If you declare the variable as global, it should be available to the code inside include1.txt and index.php. It will not be available to other pages however (i.e. it is not session global). To create a truly global (available to all pages in the site) variable, you should use a session variable. Regards, Steve "Mike D" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hello, > > I have recently noticed something that I wasn't aware of until now. I have > index.php which contains include1.txt and include2.txt. If a variable is set > in include1.txt it will *only* have a local scope, even if I declare it > GLOBAL. Is this normal or a bug? > > - MD > > > Mike Dunlop > AWN, Inc. > // www.awn.com > [ e ] [EMAIL PROTECTED] > [ p ] 323.606.4237 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Variables not passed on localhost setup
The problem is that your php.ini has register_globals = Off change it to On. You can also do the following at the top of your script - (this is the correct way): $TestVar = (!empty($_GET['TestVar'])) ? true : false; ?> Greg Watson wrote: Hi Guys, I've Googled and RTFM'd, but I can't seem to figure this out - it may not even be a php problem but I'm not sure. I've set up Apache, PHP and MySQL on my laptop running XP Home. Although I've coded php for a while now, I had never set these up on my own computer before. The php seems to be parsed ok, but it doesn't look as though variables are being passed from page to page. I used this as a VERY simple test: - Variable Test if (!$TestVar) print "- Not Set"; if ($TestVar == 1) print "- Set and Displayed"; ?> - When I use this code on my ISP webserver (which I think is running RedHat Linux, and I know it obviously has php andMySQL), I get the 'Set and Displayed' message after clicking on the link. When I use it locally, although the url displays: http://localhost/index.php?TestVar=1 I still get the 'Not Set' message. I'm assuming I've not configured something correctly, but I don't know where else to look! If anyone could help I'd be very grateful. At least if I know it's not the php and to look more at Apache or something! Thank you, Greg Watson -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Variables not being past
> "The Doctor" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > Questions, I have a > > cusotmer using a basic username and password > > verifier on a php Web Page. > > This was working and suddenly with I redefined the php environment, > > the php variables are not getting passed on. > > > > why? Questions you should answer 1) What kind of authentication? htaccess/apache, mysqldb, etc.. 2) Who wrote the authentication script? Is it part of the pear::Auth class? 3) What did you do to redefine the php environment? Change the php.ini file? Just to throw a guess out based on what you have given already you should check to see if the 'register_globals' option is set in php.ini. Many configurations will have it turned off for security reasons but if your authentication script was relying on them being turned on then it will fail. You can check the setting by either looking at the php.ini file in an editor or by running the following on your webserver: Good luck - John Zimmerman [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Variables not being past
Could be because there is a solar eclipse somewhere If your going to ask a question, at least give details that matter. Asking a question like: Why isn't the sun shining?? Leaves endless possibilities as to why you can't see the sun. Is there a blanket over your head? Is it night time???.. Just give relevant details "The Doctor" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Questions, I have a > cusotmer using a basic username and password > verifier on a php Web Page. > > This was working and suddenly with I redefined the php environment, > the php variables are not getting passed on. > > why? > > -- > Member - Liberal International On 11 Sept 2001 the WORLD was violated. > This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] > Society MUST be saved! Extremists must dissolve. > Arsenal Winners of the FA CUp 2003! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Variables not being past
Hi, Check the php.ini for register_globals By default, from PHP 4.2.0 register_globals is OFF Cheers, Catalin "The Doctor" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Questions, I have a > cusotmer using a basic username and password > verifier on a php Web Page. > > This was working and suddenly with I redefined the php environment, > the php variables are not getting passed on. > > why? > > -- > Member - Liberal International On 11 Sept 2001 the WORLD was violated. > This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] > Society MUST be saved! Extremists must dissolve. > Arsenal Winners of the FA CUp 2003! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Variables don't pass... *sniff*
Daniel,
Switch register_globals back on, and everything works as it always did.
So do it!
All this fuss about register_globals being insecure is a complete load
of rubbish. This issue really bores me, but it seems programmers are
wasting a lot of time on it, so I guess I'd better run through the
arguments one more time...
1. You can never know whether the input to your script came from a real
GET, a COOKIE, or a POST. It's very easy to create a simulated GET,
COOKIE or POST. You don't even need a programming language if you've
got the right tools. Even with php, (hardly a typical hacking tool),
it's only a few lines of code.
2. That means that checking to make sure a variable was specifically a
GET, COOKIE or POST variable has no security value whatsoever.
3. On the other hand, not worrying about how your script got its request
variables (i.e. register globals is on) is intrinsically sound
programming practice. Your code should work and your logic should be
sound regardless of what happened before your script got executed. It's
one of the great advantages of the internet. For example, on searches,
you can have exactly the same search code and results page driven from a
search form, or a link on another page, or a remote http request. You
code once, but your code can be used in many different ways.
4. In any case, register globals off only protects the sloppy programmer
from the sloppy hacker. It doesn't stop the good programmer from being
as cautious as they like. You can already control the order in which
variables are registered e.g. to make POST variables always override
COOKIES or vice versa. And, you can, if you really need to,
double-check with the global variables, HTTP_POST_VARS etc.
5. When it comes to access control, (which seems to be where the bogus
security argument starts), there is only one safe approach. That is to
require that a valid username and password are supplied with every
request and then check them in every script. It's not hard, it doesn't
take long and it's the proper way to do it. There's a whole section of
the http protocol, http authentication, which is designed precisely to
make this easy.
But hey, don't worry about all this guff. Just switch register globals
back on. If your system administrator/ISP won't let you, just refer
them to this mail and tell them I'd be happy to explain anything they
don't get.
Keep it simple!
George
[EMAIL PROTECTED] wrote:
Hi all!
I'm using Apache 2.0.45, PHP 4.3.2RC4, and MySQL 3.23.49 on Windows 2003
Server Standard.
I have a problem passing variables between pages. They simply get lost.
Neither GET nor POST pass values, and even "hardcoding" them into the URL,
like
htpp://localhost/comeon.php?aVariable=ding&anotherVariable=dong
and putting this in comeon.php:
echo("Values: $aVariable, $anotherVariable");
only outputs
Values: ,
...I've tried with RC3 of PHP, even 4.3.1, but it doesn't work. I've used
PHP on my machine with Apache 2 before, and it worked fine. Actually I used
the same scripts fine on my old config. This was on XP however, so I'm not
sure if it's got something to do with the OS. I'm hoping it's a
configuration issue.
Any ideas are VERY much appreciated =).
Thanks,
Daniel
» There are 10 kinds of people - those who know binary and those who don't.
«
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] re: variables with ""
> -Original Message- > From: Ian A. Gray [mailto:[EMAIL PROTECTED] > Sent: 17 March 2003 15:11 > > > Using the \ or using single quotes instead of double > is great. However I am now finding a problem if > someone inputs either single or double quotes on a > form which uses php. > > The user inputs for example: > I\ve performed many roles including "Figaro", > "Dandini" and 'Wotan' > > becomes: > I\'ve performed many roles including \"Figaro\", > \"Dandini\" and \'Wotan\' > > Is there a simple way of getting rid of the annoying > backslash(\) from a the contents of a variable? http://uk2.php.net/stripslashes Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning & Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] re: variables with ""
php has a function stripslashes() you could try using. - charles On Monday, March 17, 2003, at 10:11 AM, Ian A. Gray wrote: Using the \ or using single quotes instead of double is great. However I am now finding a problem if someone inputs either single or double quotes on a form which uses php. The user inputs for example: I\ve performed many roles including "Figaro", "Dandini" and 'Wotan' becomes: I\'ve performed many roles including \"Figaro\", \"Dandini\" and \'Wotan\' Is there a simple way of getting rid of the annoying backslash(\) from a the contents of a variable? Many thanks, Ian Gray = - Ian A. Gray Manchester, UK Telephone: +44 (0) 161 224 1635 - Fax: +44 (0) 870 135 0061 - Mobile: +44 (0) 7900 996 328 US Fax no.: 707-885-3582 E-mail: [EMAIL PROTECTED] - Websites: www.baritone.uk.com (performance) & www.vocalstudio.co.uk (Tuition) - __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] re: variables with ""
Using the \ or using single quotes instead of double is great. However I am now finding a problem if someone inputs either single or double quotes on a form which uses php. The user inputs for example: I\ve performed many roles including "Figaro", "Dandini" and 'Wotan' becomes: I\'ve performed many roles including \"Figaro\", \"Dandini\" and \'Wotan\' Is there a simple way of getting rid of the annoying backslash(\) from a the contents of a variable? Many thanks, Ian Gray = - Ian A. Gray Manchester, UK Telephone: +44 (0) 161 224 1635 - Fax: +44 (0) 870 135 0061 - Mobile: +44 (0) 7900 996 328 US Fax no.: 707-885-3582 E-mail: [EMAIL PROTECTED] - Websites: www.baritone.uk.com (performance) & www.vocalstudio.co.uk (Tuition) - __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: variables with ""
a) $mail->Body = " 20pt;\">Heading"; b) $mail->Body = 'Heading'; The second method is better reabadle but also disable variable substitution and most escape sequences (\n and the like). hth "Ian a. gray" wrote: > > Hi, > just a quick question. How do I include double quotes > in a variable? I am trying to put html code in a > variable in a mailing program: > > > > $mail->Body = "Heading > Please e-mail me at href="mailto:[EMAIL PROTECTED]">[EMAIL PROTECTED]" > > > > I know that you don't have to inclose everything in > html tags with quotes, but sometimes you do. The > above qon't work obviously as it has nested quotes. > How do I get the above to work? > > Many thanks, > > Ian Gray > > __ > Do You Yahoo!? > Everything you'll ever need on one web page > from News and Sport to Email and Music Charts > http://uk.my.yahoo.com -- Arnold Schommer FS EDV Service & Beratung GmbH An der Pönt 48 40885 Ratingen fon: +49 2102 186 400 fax: +49 2102 186 499 mailto:[EMAIL PROTECTED] http://www.fs-edv.de -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Variables not being received from form
Please, please, PLEASE don't correct code that isn't wrong with code
that is! Read http://www.php.net/manual/en/language.types.array.php.
To answer the original question, the $HTTP_POST_VARS variable is out of
scope in your function. Either use $_POST superglobal array if you're
using 4.1.0 or higher, or use $GLOBALS['HTTP_POST_VARS']['formvarhere']
pei_world wrote:
cann't see any thing without your form! I think it is misstyping error,
check your form variables name,
specially upper case or lower case!
but try
$rank = $HTTP_POST_VARS[rank];
$title_new = $HTTP_POST_VARS[titles];
--
Sincerely your;
pei_world ( .::IT::. )
"Peter Gumbrell" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
Thanks to those who have helped me with my two other questions this
afternoon.
In the function below, the update query at the end is inserting empty
values
into the database. For some reason the lines:
re not picking up the form values.
Here is the complete function. I do not have a form action set so that I
can
read the SQL message. The update query is working.
function retrieve_select_listing($link, $workshop, $session, $username)
{
$query_retrieve = "SELECT choice_ID, rank, workshop_id FROM choices_peter
WHERE workshop_ID = '$workshop' AND username ='$username'";
$result1 = mysql_query($query_retrieve, $link) or die("display_db_query:"
.
mysql_error());
$row1 = mysql_fetch_array($result1);
$choice_id = $row1[0];
$query_title = "SELECT title, CONCAT(sessionlet, sesnumber) AS SessionID
FROM ECOO2003 WHERE sessionlet = '$session'";
$result2 = mysql_query($query_title, $link) or die("display_db_query:" .
mysql_error());
while ($columns = mysql_fetch_array($result2))
{
$column = $columns['title'];
$sessionid = $columns['SessionID'];
$selected = "";
if ($sessionid == $row1['workshop_id'])
{
$selected = "SELECTED";
}
$title_block .= "$column\n";
}
print "";
$selected_session = $HTTP_POST_VARS['titles'];
print "\n";
print "Change the rank of this workshop, or select another workshop from
this session and click the update button.";
print "";
print "workshopRankWorkshop Title";
print "$row1[2]$title_block\n";
print "";
print "";
print "After you have made your changes, click the Update button to
confirm these.";
print "";
print "";
print "";
print "";
if ($_POST['Submit']=='Update')
{
print "updated!!";
$rank = $HTTP_POST_VARS['rank'];
$title_new = $HTTP_POST_VARS['titles'];
print "rank =$rank";
print "title# = $title_new";
$query_update = "UPDATE choices_peter SET rank = '$rank', workshop_id =
'$title_new' WHERE choice_ID = '$choice_id'";
$update = mysql_query($query_update, $link) or die("display_db_query:" .
mysql_error());
}
}
Many thanks
Peter
--
The above message is encrypted with double rot13 encoding. Any unauthorized attempt
to decrypt it will be prosecuted to the full extent of the law.
[PHP] Re: Variables not being received from form
cann't see any thing without your form! I think it is misstyping error,
check your form variables name,
specially upper case or lower case!
but try
$rank = $HTTP_POST_VARS[rank];
$title_new = $HTTP_POST_VARS[titles];
--
Sincerely your;
pei_world ( .::IT::. )
"Peter Gumbrell" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Thanks to those who have helped me with my two other questions this
> afternoon.
> In the function below, the update query at the end is inserting empty
values
> into the database. For some reason the lines:
>
>
> re not picking up the form values.
>
> Here is the complete function. I do not have a form action set so that I
can
> read the SQL message. The update query is working.
>
>
> function retrieve_select_listing($link, $workshop, $session, $username)
> {
> $query_retrieve = "SELECT choice_ID, rank, workshop_id FROM choices_peter
> WHERE workshop_ID = '$workshop' AND username ='$username'";
> $result1 = mysql_query($query_retrieve, $link) or die("display_db_query:"
.
> mysql_error());
> $row1 = mysql_fetch_array($result1);
> $choice_id = $row1[0];
> $query_title = "SELECT title, CONCAT(sessionlet, sesnumber) AS SessionID
> FROM ECOO2003 WHERE sessionlet = '$session'";
> $result2 = mysql_query($query_title, $link) or die("display_db_query:" .
> mysql_error());
> while ($columns = mysql_fetch_array($result2))
> {
> $column = $columns['title'];
> $sessionid = $columns['SessionID'];
> $selected = "";
> if ($sessionid == $row1['workshop_id'])
> {
> $selected = "SELECTED";
> }
> $title_block .= " $selected>$column\n";
> }
>
>
> print "";
> $selected_session = $HTTP_POST_VARS['titles'];
> print "\n";
>
> print "Change the rank of this workshop, or select another workshop from
> this session and click the update button.";
>
> print "";
> print "workshopRankWorkshop Title";
> print "$row1[2] value=$row1[1]> NAME=\"titles\">$title_block\n";
> print "";
> print "";
> print "After you have made your changes, click the Update button to
> confirm these.";
> print "";
> print "";
>
> print "";
> print "";
>
>
> if ($_POST['Submit']=='Update')
> {
> print "updated!!";
> $rank = $HTTP_POST_VARS['rank'];
> $title_new = $HTTP_POST_VARS['titles'];
> print "rank =$rank";
> print "title# = $title_new";
> $query_update = "UPDATE choices_peter SET rank = '$rank', workshop_id =
> '$title_new' WHERE choice_ID = '$choice_id'";
> $update = mysql_query($query_update, $link) or die("display_db_query:" .
> mysql_error());
>
>
> }
> }
>
> Many thanks
>
> Peter
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Variables and http
thanks, works perfectly - Original Message - From: "Mattia" <[EMAIL PROTECTED]> Newsgroups: php.general To: <[EMAIL PROTECTED]> Sent: Thursday, December 05, 2002 12:41 PM Subject: Re: Variables and http > > "Hacook" <[EMAIL PROTECTED]> ha scritto nel messaggio > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi all, > > I have a page (to create a database) with X text fields called chpX (chp0, > > chp1, chp2..Etc) that posts these variables to a php file. > > I would like to know how can i get these values ? (I have also the $i > > variable that tells me what is the max X) > > > first you have to create the var name in a string, like > > $var = 'chp'.$i ; // $i is the number > > then retrive the posted value > > $value = $_POST[$var] ; > > bye > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Variables and http
"Hacook" <[EMAIL PROTECTED]> ha scritto nel messaggio [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi all, > I have a page (to create a database) with X text fields called chpX (chp0, > chp1, chp2..Etc) that posts these variables to a php file. > I would like to know how can i get these values ? (I have also the $i > variable that tells me what is the max X) first you have to create the var name in a string, like $var = 'chp'.$i ; // $i is the number then retrive the posted value $value = $_POST[$var] ; bye -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Variables
On Dom 03 Nov 2002 06:40, David Jackson wrote: > Bryan McLemore wrote: > > What is a variables value before said value has been assigned a value? > > > > Thanks > > Bryan > > Wouldn't it be null or empty " "? NULL -- Porqué usar una base de datos relacional cualquiera, si podés usar PostgreSQL? - Martín Marqués |[EMAIL PROTECTED] Programador, Administrador, DBA | Centro de Telematica Universidad Nacional del Litoral - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Variables
Bryan McLemore wrote: What is a variables value before said value has been assigned a value? Thanks Bryan Wouldn't it be null or empty " "? Just a guess, David -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Variables aren't being passed to php page
Jason Wong wrote: > On Monday 15 July 2002 03:55, Tim Luoma wrote: > >>Jason Wong wrote: >> >>>This list gets at least one question a day on this subject ... >> >>And there will be a lot more as people scan the web for example scripts >>and find ones that assume 'register_globals' is set to on. > > Questions coming from those sources are partly understandable. It was confusing to me to wonder why from one day to the next the same scripts stopped working, until I checked the PHP version. > What I was referring to was the particular case of "I've got an application > that was working perfectly using php X.XX, then I upgraded to php Y.YY and > now it doesn't work anymore". > > It is those people who should look before they leap and read before they > upgrade. Quite right. TjL -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Variables aren't being passed to php page
On Monday 15 July 2002 03:55, Tim Luoma wrote: > Jason Wong wrote: > > This list gets at least one question a day on this subject ... > > And there will be a lot more as people scan the web for example scripts > and find ones that assume 'register_globals' is set to on. Questions coming from those sources are partly understandable. What I was referring to was the particular case of "I've got an application that was working perfectly using php X.XX, then I upgraded to php Y.YY and now it doesn't work anymore". It is those people who should look before they leap and read before they upgrade. -- Jason Wong -> Gremlins Associates -> www.gremlins.com.hk Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * /* If all the world's a stage, I want to operate the trap door. -- Paul Beatty */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Variables aren't being passed to php page
Jason Wong wrote: > This list gets at least one question a day on this subject ... And there will be a lot more as people scan the web for example scripts and find ones that assume 'register_globals' is set to on. TjL -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Variables aren't being passed to php page
This is no problem. Since PHP 4.2 register_globals is disabled by default (in prior versions it was enabled). Either you can use the $_POST, $_GET etc. arrays or simply set register_globals in the php.ini to "On" ! -micha Mike Heffner wrote: > Hi, > > I've recently upgraded from PHP 4.0.4p11 -> PHP 4.2.1, but now there seems > to be a problem that variables from POST/GET are not being passed to the > PHP page. For example, with the following file test.php, using the URL > 'test.php?mid=1' displays 'nope'. > > if (isset($mid)) > echo "$mid"; > else > echo "nope"; > ?> > > Is this a known problem, or is this some configuration issue? > > Thanks for any help, > > Mike -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: variables not being passed from form ??
Got it! 'file_uploads' was Off in /etc/php.ini. That was stopping all form variables from being passed from the file upload form Thanks all! AFC "Anthony 'Crash' Ciarochi" <[EMAIL PROTECTED]> wrote in message 024e01c21711$111d2200$[EMAIL PROTECTED]">news:024e01c21711$111d2200$[EMAIL PROTECTED]... > I have a web page which contains a form whose action is a php script. > > Unfortunately, NONE of the form's variables are being passed when the form > is submitted. > > For example: the submit button's name is 'submit', and the value is 'Add', > but in the receiving php script, $submit is empty, and so is > $HTTP_POST_VARS["submit'] > > register_globals is On > The form method is post. > > What else am I missing? > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Variables - Using The Contents Of A Varibale Name Built Dynamically
> Won't that treat all radio buttons on the page as one group, instead of > being separate groups for each form? No - the tags "enclose" the data that is being submitted - nothing outside of the tags will reach the script that handles the request. Mikey -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Variables - Using The Contents Of A Varibale Name Built Dynamically
"Michael Davey" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > You could give the button the same name in each form - only the fields in > between the tags is actually submitted, then put a hidden field > in the form that uniquely identifies the data being submitted. > > Just a thought... it is what I usually do... Won't that treat all radio buttons on the page as one group, instead of being separate groups for each form? -- _ _ o oJason Teagle < [EMAIL PROTECTED] v -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Variables - Using The Contents Of A Varibale Name Built Dynamically
You could give the button the same name in each form - only the fields in
between the tags is actually submitted, then put a hidden field
in the form that uniquely identifies the data being submitted.
Just a thought... it is what I usually do...
Mikey
"Jason Teagle" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I have found an alternate way of achieving what I want, but I'm wondering
if
> there was an easier way. I have a PHP file that builds a Web page that
> includes forms. The forms are built dynamically based on the contents of a
> file, and thus there may be one or two or more forms on the page at any
> time. This means that I have controls named $btnChoice1 (first form),
> $btnChoice2 (second form), etc. (radio buttons). All of these forms are of
a
> similar format, and so lead to the same PHP page in their action - a
> parameter is passed in the URL to identify which form it came from.
>
> When the form passes to its action file, another PHP file, there are two
> ways to get form data: $_POST["control_name"] or $control_name. The
problem
> is, the control name I need has to be built dynamically based on which
form
> it came from. So I need this:
>
> $btnName = "btnChoice" . $form_number ;
>
> But now I have the tricky bit - $_POST[$btnName] doesn't work because it
> requires nested substitution of variables, and similarly I can't echo
> $btnName because that will of course use "btnChoice2" instead of the
> _contents_ of the control named btnChoice2.
>
> Is it possible to 'dereference' (whatever the term is) the variable name
> twice? I tried
>
> $$btnName
>
> in the stupid hope that it would first interpret that to
>
> $btnChoice2
>
> and then interpret that to the contents of the control, but of course it
> failed.
>
> I ended up using foreach on $_POST to pull out control names and their
> contents, and comparing the control name to my built-up name - but I was
> wondering if there's a more elegant way of doing what I wanted?
>
> Promise my next question to the group will be short {:v)
>
>
> --
>
> _ _
> o oJason Teagle
> < [EMAIL PROTECTED]
> v
>
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: variables
Also, it's good to read the press releases: http://www.php.net/release_4_2_1.php External variables We would also like to attend you on a big change in PHP 4.2.0 concerning variable handling. External variables (from the environment, the HTTP request, cookies or the web server) are no longer registered in the global scope by default. The preferred method of accessing these external variables is by using the new Superglobal arrays, introduced in PHP 4.1.0. http://www.php.net/release_4_1_0.php On Wed, May 22, 2002 at 11:52:02AM +0200, Michael Virnstein wrote: : : you can use : : $_POST['name1'] if you're using post vars : $_GET['name1'] if you're using get vars : : "Roman Duriancik" <[EMAIL PROTECTED]> schrieb: : > : > When are set in php.ini (php version 4.2.1 on linux) register_globals = Off : > how I read variables from html files with forms in other php file ? -- Eugene Lee [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: variables
you can use $_POST['name1'] if you're using post vars $_GET['name1'] if you're using get vars Regards Michael "Roman Duriancik" <[EMAIL PROTECTED]> schrieb im Newsbeitrag [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > When are set in php.ini (php version 4.2.1 on linux) register_globals = Off > how > I read variables from html files with forms in other php file ? > > Thanks > > roman > > for example : > > html file : > > > > > > > and in php file > echo $name1; > ?> > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Variables within variable names
Once I had a bit of experience with variable variables, I found them very useful. But I did discover that you can't embed variable variables (or values from arrays) in the SQL statements I was sending to MySQL. I had to create a temporary variable for use in my SQL statements. I'm not sure why, whether I was missing something. Rita Mikusch -Original Message- From: HeyJim [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 02, 2002 10:26 PM To: Jackson Miller; [EMAIL PROTECTED] Subject: Re: Variables within variable names I agree with Jason and Miguel, but if you really want to do this, you could try: $type = "basic"; $user = $type."_user"; $$user = "jaxn"; echo $basic_user; I can see where something like this *could* be useful, but I'd still use the arrays. Jim. At 12:43 PM 5/2/02, Jackson Miller wrote: >I want to do something along the lines of: > >$type = "basic"; >$$type_user = "jaxn"; >echo $basic_user; > >and have the output be "jaxn". __ Do You Yahoo!? Yahoo! Health - your guide to health and wellness http://health.yahoo.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Variables within variable names
I agree with Jason and Miguel, but if you really want to do this, you could try: $type = "basic"; $user = $type."_user"; $$user = "jaxn"; echo $basic_user; I can see where something like this *could* be useful, but I'd still use the arrays. Jim. At 12:43 PM 5/2/02, Jackson Miller wrote: >I want to do something along the lines of: > >$type = "basic"; >$$type_user = "jaxn"; >echo $basic_user; > >and have the output be "jaxn". -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Variables within a string
On Thursday 14 March 2002 14:14, Analysis & Solutions wrote:
[snip]
> The examples on that page are lame. For example:
>
>if($HTTP_COOKIE_VARS['username']){
> // can only come from a cookie, forged or otherwise
> $good_login = 1;
> fpassthru ("/highly/sensitive/data/index.html");
>}
[snip]
Admittedly the example given in the manual wasn't very good or clear. Let's
change the example slightly.
if($HTTP_COOKIE_VARS['username']) {
// can only come from a cookie, forged or otherwise
$good_login = 1;
}
// later on ...
if ($good_login) {
fpassthru ("/highly/sensitive/data/index.html"); }
else {
echo("Hello, you're not logged in!");
}
Now if register_globals was ON then it's a simple matter of passing a value
in the URL to gain access to the sensitive data without actually having to
log in:
http://www.domain.com/display_secret_data.php?good_login=1
If register_globals is OFF then the above ploy would not work because
good_login would not automatically make it into the variable namespace.
Enabling register_globals is nice and convenient but it's very easy to shoot
yourself in the foot if you don't track where your variables are coming from,
or you don't initialise your variables properly.
--
Jason Wong -> Gremlins Associates -> www.gremlins.com.hk
/*
Carmel, New York, has an ordinance forbidding men to wear coats and
trousers that don't match.
*/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Variables within a string
On Tue, Mar 12, 2002 at 05:42:12PM +0800, Jason Wong wrote:
> On Tuesday 12 March 2002 12:27, Analysis & Solutions wrote:
>
> The source of the data *does* matter. That is why the latest releases of
> PHP (> 4.0.6) recommends having register_globals OFF by default.
> ... snip snip snip ...
> To see why the source of data matters, see the chapter "Security::Using
> Register Globals"
The examples on that page are lame. For example:
if($HTTP_COOKIE_VARS['username']){
// can only come from a cookie, forged or otherwise
$good_login = 1;
fpassthru ("/highly/sensitive/data/index.html");
}
Naturally, just because someone submits a user name doesn't make their
submission valid. I know, they're just using that as an example. But,
in the real world, you need to first make sure the username submitted
fits within your expected parameters of length and character types.
Plus, if you're about to put that user name into a query, doesn't
contain any characters which will trick the query. Then, you need to
check that the user name is valid. Then, and only then, would you
permit the user to get the sensitive data. Regardless of where the data
comes from, all of those steps need to be taken. Thus, it doesn't
matter where the data came from.
> But if you don't know where the data came from then it's not secure. Consider
> a "real-life" example. Robin Hood steals the Sheriff's ATM card, and the
> Sheriff stupidly enough has written the PIN onto the back of the card. Now
> Robin can go and withdraw all the money from the Sheriff's account because
> the ATM has no way of knowing that the card was stolen (it doesn't know where
> the source of the data came from), all it knows is that the data is valid
> (right card, right PIN).
Hmm. You're correct. At the same time, the point I'm trying to make is
not about the person transmitting the data, but rather, the means
they're doing so. My issue is the thief would also be able to use that
pin to (hypothetically, of course) access the Sheriff's account via
debit card purchases in stores, the bank's website and bank-by-phone
services.
Regardless of the means used to transmit the PIN, the bank still needs
to ensure the data is clean before they perform the check to see if the
PIN is the right PIN for that account.
Enjoy,
--Dan
--
PHP scripts that make your job easier
http://www.analysisandsolutions.com/code/
SQL Solution | Layout Solution | Form Solution
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Variables within a string
On Monday, March 11, 2002, at 10:34 PM, Jason Wong wrote:
>>> On Monday 11 March 2002 11:10, Chris Cocuzzo wrote:
$foo = "Entry for " . $HTTP_POST_VARS["name"];
>>>
>>> $foo = "Entry for for $HTTP_POST_VARS[name]";
>>
>> But that's not good programming. Associative arrays should have the
>> key
>> quoted in order to avoid confusion with contants. See
>> http://www.php.net/manual/en/language.types.array.php#language.types.array.
>> donts
>
> Inside of double-quoted strings there is no need to single-quote the
> array
> key (in fact it can't be done, gives syntax error). The section of the
> manual
> you quoted states this :)
I thought that it could be done like so:
$foo = "Entry for {$HTTP_POST_VARS['name']}";
Sorry for butting in,
Erik
Erik Price
Web Developer Temp
Media Lab, H.H. Brown
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Variables within a string
I love your example.. > But if you don't know where the data came from then it's not secure. > Consider a "real-life" example. Robin Hood steals the Sheriff's ATM card, > and the Sheriff stupidly enough has written the PIN onto the back of the > card. Now Robin can go and withdraw all the money from the Sheriff's > account because the ATM has no way of knowing that the card was stolen (it > doesn't know where the source of the data came from), all it knows is that > the data is valid (right card, right PIN). -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Variables within a string
On Tuesday 12 March 2002 12:27, Analysis & Solutions wrote: > > For security reasons. To make sure the variable did come from POSTing a > > form and not from the URL. > > Neither is more or less secure. The source of the data doesn't matter. The source of the data *does* matter. That is why the latest releases of PHP (> 4.0.6) recommends having register_globals OFF by default. That is also why instead of the cumbersome $HTTP_POST_VARS[] (etc) it's been changed to a much shorter $_POST[]. And to further encourage you to use the new form, $_POST[], $GET[] etc have been made "super global" so they can be used directly inside functions without having to declare them as global. To see why the source of data matters, see the chapter "Security::Using Register Globals" > Regardless of where the info is from, validating user input is the only > way to ensure security. But if you don't know where the data came from then it's not secure. Consider a "real-life" example. Robin Hood steals the Sheriff's ATM card, and the Sheriff stupidly enough has written the PIN onto the back of the card. Now Robin can go and withdraw all the money from the Sheriff's account because the ATM has no way of knowing that the card was stolen (it doesn't know where the source of the data came from), all it knows is that the data is valid (right card, right PIN). -- Jason Wong -> Gremlins Associates -> www.gremlins.com.hk /* Let not the sands of time get in your lunch. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Variables within a string
On Tue, Mar 12, 2002 at 11:34:14AM +0800, Jason Wong wrote: > On Tuesday 12 March 2002 11:11, Analysis & Solutions wrote: > > On Mon, Mar 11, 2002 at 08:39:16PM -0500, webapprentice wrote: > > > From: Jason Wong <[EMAIL PROTECTED]> > > > > > > On Monday 11 March 2002 11:10, Chris Cocuzzo wrote: > > > > $foo = "Entry for " . $HTTP_POST_VARS["name"]; > > > > > > $foo = "Entry for for $HTTP_POST_VARS[name]"; > > > > But that's not good programming. Associative arrays should have the key > > quoted in order to avoid confusion with contants. > > Inside of double-quoted strings there is no need to single-quote the array > key (in fact it can't be done, gives syntax error). The section of the manual > you quoted states this :) Yes. Quoting the array key inside a string is not correct. Never said it was. Now that I think about it, though, if you use the associative array inside a string, there's no way the string key can be confused with a constant, so the main point of my initial post is mute. So, you're right that the following is kosher: $foo = "Entry for for $HTTP_POST_VARS[name]"; > For security reasons. To make sure the variable did come from POSTing a form > and not from the URL. Neither is more or less secure. The source of the data doesn't matter. Regardless of where the info is from, validating user input is the only way to ensure security. Enjoy, --Dan -- PHP scripts that make your job easier http://www.analysisandsolutions.com/code/ SQL Solution | Layout Solution | Form Solution T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Variables within a string
On Tuesday 12 March 2002 11:11, Analysis & Solutions wrote: > On Mon, Mar 11, 2002 at 08:39:16PM -0500, webapprentice wrote: > > From: Jason Wong <[EMAIL PROTECTED]> > > > > On Monday 11 March 2002 11:10, Chris Cocuzzo wrote: > > > $foo = "Entry for " . $HTTP_POST_VARS["name"]; > > > > $foo = "Entry for for $HTTP_POST_VARS[name]"; > > But that's not good programming. Associative arrays should have the key > quoted in order to avoid confusion with contants. See > http://www.php.net/manual/en/language.types.array.php#language.types.array. >donts Inside of double-quoted strings there is no need to single-quote the array key (in fact it can't be done, gives syntax error). The section of the manual you quoted states this :) [snip] > Now, I wonder why you're even assigning this information to yet another > varialbe. Why not just use the information straight up?: >echo "Entry for for $name"; > > Of course, there are legitimate reasons for your approach, but often new > programmers needlessly assign stuff to varialbes. Just making sure. For security reasons. To make sure the variable did come from POSTing a form and not from the URL. > Finally, if you really want to use $HTTP_POST_VARS[] AND your'e > running PHP 4.1*, consider using the superglobal $_POST[] instead. -- Jason Wong -> Gremlins Associates -> www.gremlins.com.hk /* Nobody knows what goes between his cold toes and his warm ears. -- Roy Harper */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Variables within a string
Oh, so that's how you deal with indexed variables inside of double quotes... I can't believe that has eluded me for so long... --- From: Jason Wong <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Date: Mon, 11 Mar 2002 12:09:15 +0800 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: Re: [PHP] Variables within a string On Monday 11 March 2002 11:10, Chris Cocuzzo wrote: > I would imagine the problem has something to do with those escaped quote > marks, but in any case, you could probably get around it by doing this: > > $foo = "Entry for " . $HTTP_POST_VARS["name"]; > > some correct me if I'm wrong Or simply: $foo = "Entry for for $HTTP_POST_VARS[name]"; -- Jason Wong -> Gremlins Associates -> www.gremlins.com.hk /* If you don't have a nasty obituary you probably didn't matter. -- Freeman Dyson */
RE: [PHP] Re: variables
Thanks,
I'll implement sessions... :)
regards
Bart
-Oorspronkelijk bericht-
Van: _lallous [mailto:[EMAIL PROTECTED]]
Verzonden: dinsdag 11 september 2001 13:30
Aan: [EMAIL PROTECTED]
Onderwerp: Re: [PHP] Re: variables
In that case you'll have to use session_variables or cookies.
mostly session_variables are better especially for authentication and
login/logout systems...
<[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Thanks for the fast answer1
>
> Yes I thought of that, but I also got the problem using the $vars in
frames:
>
> I'm using a authenticationform for users to get to a frameset. Now I'm
> transfering the usernames/pwds in the uri-string to all the framepages. In
> all framepages I check for $PHP_AUTH_USER to be set and when so I query
the
> db again and.
> It seems that the vars aren't global. How can I globalize the vars so they
> are usable in other files. Are sessions teh only option?
>
> Thanks in advance,
> Bart
>
> -Oorspronkelijk bericht-
> Van: _lallous [mailto:[EMAIL PROTECTED]]
> Verzonden: dinsdag 11 september 2001 12:23
> Aan: [EMAIL PROTECTED]
> Onderwerp: [PHP] Re: variables
>
>
> Sure you can!
>
> consider this simple example:
>
>
> click here to go to
> next page
>
>
> <!--
> function setvars(var1, var2)
> {
> df = document.dataform;
> df.var1.value = var1;
> df.var2.value = var2;
> df.submit();
> }
> //-->
>
>
>
>
>
>
>
>
> it's using hidden forms...
> you can also use sessions...
>
> <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Hello,
> >
> > Is it possible to transfer certain variables to a new scripts, but not
> doing
> > this as uri-parameters (../bla.php?var1=var&var2=var#)
> >
> > I need it for Usernames and passwords and when the pages get cached the
> > usernames and pwd's can be viewed in the Temp-inetfiles-folder in
> Windhoze.
> >
> > Thanks,
> >
> > Bart
> >
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: variables
In that case you'll have to use session_variables or cookies.
mostly session_variables are better especially for authentication and
login/logout systems...
<[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Thanks for the fast answer1
>
> Yes I thought of that, but I also got the problem using the $vars in
frames:
>
> I'm using a authenticationform for users to get to a frameset. Now I'm
> transfering the usernames/pwds in the uri-string to all the framepages. In
> all framepages I check for $PHP_AUTH_USER to be set and when so I query
the
> db again and.
> It seems that the vars aren't global. How can I globalize the vars so they
> are usable in other files. Are sessions teh only option?
>
> Thanks in advance,
> Bart
>
> -Oorspronkelijk bericht-
> Van: _lallous [mailto:[EMAIL PROTECTED]]
> Verzonden: dinsdag 11 september 2001 12:23
> Aan: [EMAIL PROTECTED]
> Onderwerp: [PHP] Re: variables
>
>
> Sure you can!
>
> consider this simple example:
>
>
> click here to go to
> next page
>
>
> <!--
> function setvars(var1, var2)
> {
> df = document.dataform;
> df.var1.value = var1;
> df.var2.value = var2;
> df.submit();
> }
> //-->
>
>
>
>
>
>
>
>
> it's using hidden forms...
> you can also use sessions...
>
> <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Hello,
> >
> > Is it possible to transfer certain variables to a new scripts, but not
> doing
> > this as uri-parameters (../bla.php?var1=var&var2=var#)
> >
> > I need it for Usernames and passwords and when the pages get cached the
> > usernames and pwd's can be viewed in the Temp-inetfiles-folder in
> Windhoze.
> >
> > Thanks,
> >
> > Bart
> >
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Re: variables
Thanks for the fast answer1
Yes I thought of that, but I also got the problem using the $vars in frames:
I'm using a authenticationform for users to get to a frameset. Now I'm
transfering the usernames/pwds in the uri-string to all the framepages. In
all framepages I check for $PHP_AUTH_USER to be set and when so I query the
db again and.
It seems that the vars aren't global. How can I globalize the vars so they
are usable in other files. Are sessions teh only option?
Thanks in advance,
Bart
-Oorspronkelijk bericht-
Van: _lallous [mailto:[EMAIL PROTECTED]]
Verzonden: dinsdag 11 september 2001 12:23
Aan: [EMAIL PROTECTED]
Onderwerp: [PHP] Re: variables
Sure you can!
consider this simple example:
click here to go to
next page
<!--
function setvars(var1, var2)
{
df = document.dataform;
df.var1.value = var1;
df.var2.value = var2;
df.submit();
}
//-->
it's using hidden forms...
you can also use sessions...
<[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hello,
>
> Is it possible to transfer certain variables to a new scripts, but not
doing
> this as uri-parameters (../bla.php?var1=var&var2=var#)
>
> I need it for Usernames and passwords and when the pages get cached the
> usernames and pwd's can be viewed in the Temp-inetfiles-folder in
Windhoze.
>
> Thanks,
>
> Bart
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: variables
Sure you can! consider this simple example: click here to go to next page it's using hidden forms... you can also use sessions... <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hello, > > Is it possible to transfer certain variables to a new scripts, but not doing > this as uri-parameters (../bla.php?var1=var&var2=var#) > > I need it for Usernames and passwords and when the pages get cached the > usernames and pwd's can be viewed in the Temp-inetfiles-folder in Windhoze. > > Thanks, > > Bart > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: variables.
Hmm... It seems that you're variables are beeing reposted upon each page reload. yes, some code might help. "Johan Vikerskog" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED].. . > ok, i still am a newbie to this and therefor ill ask this silly question. > > I have made a small test script which checks the inputted name and pass against my database and if > it was successfull it typed out success! and if it wasnt successfull it types out wrong password! > > My problem is. everytime i reload the page it prints out the last result. > I mean when i want to reload the page it should be empty. > But it isnt. > > Does anyone know how i can do this? > If you dont understand my question ill post the script here, i just thought i wouldent flame your mailboxes. > > //Johan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: Variables
try this little form example out: --example.php-- t1 t2 -/example.php-- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] RE: Variables within functions, out?
> -Original Message-
> From: James, Yz [mailto:[EMAIL PROTECTED]]
> Sent: 01 February 2001 22:22
> To: [EMAIL PROTECTED]
> Subject: Variables within functions, out?
>
>
> Hey guys. Can I firstly say, thanks to all of you who helped
> me out with my
> last question about importing MS Access databases into
> MySQL... It helped
> tons!
>
> However, I have another question.
>
> Firstly, I've strayed away from writing many of my own
> functions, because
> they give me the fear. But the code on the pages I am
> creating has forced
> me to wake up... I really sould think about cutting back on code.
>
> SO, anyway, to cut to the chase, my question is this: If I write a
> function, which performs checks and assigns variable based on
> these checks,
> how do I get the assigned variables from within the function?
> For example
> (this is more than likely VERY wrong), something like this:
>
> global.inc:
>
>
> function CheckBirthday() {
> global $year,$month,$day;
>
> if (($day) && ($month) && ($year)) {
> if (checkdate($day,$month,$year) {
> $birthday = "$year/$month/$day";
> } else {
> $birthday = "Invalid";
> }
> }
> }
>
> ?>
>
the correct use of a function would be ...
function CheckBirthday($year,$month,$day) {
if (($day) && ($month) && ($year)) {
if (checkdate($day,$month,$year) {
$birthday = "$year/$month/$day";
} else {
$birthday = "Invalid";
};
};
return $birthday;
}
this function can now be used by a calling program without the callong
program needing to know anything about it's internal working.
> File that would update / insert information to a MySQL database:
>
>
> // Connection details here
>
> require("global.inc");
>
> CheckBirthday();
>
> $sql = "UPDATE MyTable
> SET
> birthday = \"$birthday\"
> WHERE id = \"$id\"
> ";
>
> // etc
>
> ?>
>
> Even when I KNOW that I have included correct values, the
> $birthday variable
> never shows up outside the function. It's probably something
> simple I'm
> missing, as in most cases ;)
>
> Thanks for your patience,
>
> James.
>
>
>
Tim Ward
Senior Systems Engineer
Please refer to the following disclaimer in respect of this message:
http://www.stivesdirect.com/e-mail-disclaimer.html
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: variables not being passes between php pages
I have this now:
I also tried method="get" -- i can see the variables
in the url too. I have double checked spelling etc.
This line prints nothing - not even a space I think:
printf ("These values were inserted into the database
- %s %s", $firstname, $surname);
--- Joe Stump <[EMAIL PROTECTED]> wrote:
> Well if you aren't posting to your add.php page (ie
> method="post"
> action="add.php") then you need to pass them via the
> add.php?var=foo&varb=bar
> method.
>
> --Joe
>
>
> On Wed, Jan 10, 2001 at 12:02:54PM -0800, jeff
> fitzmyers wrote:
> > I am working on the nice tutorial at
> >
> http://designmagick.50megs.com/postgresql-tutorial/
> >
> > I have my test.php and add.php pages created and
> just
> > can't seem to pass variables to the add.php page
> > -- not even simple things like $user!
> >
> > phpinfo() shows HTTP_POST_VARS["firstname"] = Jeff
> so
> > php knows about the vaariables but
> > doesn't seem to tell the new page.
> >
> > What am I doing wrong??
> >
> > __
> > Do You Yahoo!?
> > Yahoo! Photos - Share your holiday photos online!
> > http://photos.yahoo.com/
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> > For additional commands, e-mail:
> [EMAIL PROTECTED]
> > To contact the list administrators, e-mail:
> [EMAIL PROTECTED]
>
> ---
> Joe Stump
> PHP Programmer
> www.Care2.com
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> To contact the list administrators, e-mail:
> [EMAIL PROTECTED]
>
__
Do You Yahoo!?
Yahoo! Photos - Share your holiday photos online!
http://photos.yahoo.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
